-
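SubResource Integrity (in Chinese, 子资源完整性) refers specifically to the integrity of external resources, such as stylesheets and JavaScript, referenced in HTML.
## Origin of the problem: untrusted CDNs
For performance, we usually host static resources (images, stylesheets, JavaScript) on a CDN so that these resources are closer to the client, shortening page load time. But what if the CDN is attacked, or the CDN itself misbehaves? If hosted…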
-
I think it would be valuable to support SRI for service worker JS files.
Reasoning: There's a lot of controversy about web-based crypto applications. Namely, that they're never truly secure because…
-
Ensure `` and `` tags have `integrity=""` and `crossorigin=""` attributes.
-
**Is your feature request related to a problem? Please describe.**
Similar to rails/webpacker#323
Sprockets supported subresource integrity out of the box. It would be nice if
```ruby
vite_j…
```
-
See https://www.w3.org/TR/SRI/#the-integrity-attribute
> 3.1 Integrity metadata
To verify the integrity of a response, a user agent requires integrity metadata as part of the [request](https://fet…
-
To allow SRI reliably, it'd be nice to have access to versioned scripts (and CORS headers) if we're to implement this in a way that helps reduce the risk of XSS on sites that are relying on the CDN.
…
-
EWAB should automatically detect any scripts and styles that are included in a document, and produce `integrity` hashes for them.
If the scripts are inline, their hashes will need to be served in H…
-
As reported by @tobli this could be something for the coach:
https://hacks.mozilla.org/2015/09/subresource-integrity-in-firefox-43/
https://hacks.mozilla.org/2016/04/how-to-implement-sri-into-your-bui…
-
## Describe the problem
My infosec team is requesting that we load the DocSearch JavaScript with the subresource integrity property. I noticed that the Instantsearch.js files support this, as seen …
-
Originally reported by: **Magnus Hoff (Bitbucket: [maghoff](http://bitbucket.org/maghoff), GitHub: [maghoff](http://github.com/maghoff))**
---
https://developer.mozilla.org/en-US/docs/Web/Security/S…